Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

During his campaign, President Obama promised that he would "make cyber-security the top priority that it should be in the 21st century. I'll declare our cyber-infrastructure a strategic asset, and appoint a national cyber-adviser, who will report directly to me."

About a month ago Obama appointed Melissa Hathaway, who served as the cyber-security coordinator executive under Mike McConnell, former President Bush's Director of National Intelligence, to be a senior director at the National Security Council. She is currently performing a 60-day review of security of federal systems. She is also a leading candidate to be the "national cyber-adviser" to which Obama referred in the campaign, assuming he goes through with such an appointment. Currently she is several steps away from reporting directly to the president.

Many years after creating a Director of National Intelligence (the new one is Dennis C. Blair), specifically in order to coordinate all the various sources of intelligence and make sense of them, it seems we're not very good at that, according to a report examined by the Wall Street Journal. "Cultural, organizational and technical obstacles have slowed efforts to move information across agency boundaries," according to the article. Expect cyber-security to be a similar problem, and remember that it is one of those components that needs to be coordinated by the DNI.

I actually assume that the DNI really did try to do a better job, and it seems the report says they did accomplish some things, just that they have a long way to go. But it's a really hard job, and coordinating cyber-security for the nation is really hard, too. It could be that it's a job doomed to failure; could we actually make things worse?

Further reading

Absolutely we could. It's worth asking at the outset what we're talking about defending; is it just federal government systems, in which case the czar is really just the federal CSO? This is not only unobjectionable, it's a pretty good idea. I'm sure most large federal agencies have a CSO or someone with such responsibilities (correct me below if I'm wrong) but it's fair to have a coordinator directing a common security policy above them, one who can also help them to get their jobs done by providing political weight. This position really needs to report directly to the president? That I don't understand.

And if we're talking about someone who's in charge of security for the whole of U.S. Internet infrastructure, the idea is pretentious and dangerous. Today an appointed czar would have no real authority over badly administered Web servers, ISPs that have insufficient controls, networks with no DNSSec or IPv6 support. And there is no U.S. border to defend on the Internet; many significant U.S. Internet assets are tied closely with assets owned by the same organizations abroad.

If the government is supposed to have real authority in this regard it would take new and highly intrusive legislation to do so, and none of us would take it sitting down. If they won't have the authority, then nothing has really changed, which is maybe the best way to go about things.

What would you do if you really wanted to shape up the nation's networks? You'd need someone in charge with real authority, like a real CTO or network admin at a real enterprise. Imagine it: someone with the authority to quarantine infected systems; the authority to disconnect networks that are poorly, perhaps even maliciously, managed; the authority to ban old and insecure products and, conversely the authority to mandate new and secure ones, like DNSSec and IPv6; the authority to tell people "no, you can't do that with your own computer."

There is no way we would ever put up with authority like that on the Internet. There's no way service providers would put up with it either.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983.

For insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer's blog Cheap Hack.

Advertiser Disclosure:
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.